Limit the user accounts that can connect through OpenSSH remotely

From

Limit OpenSSH users

How to limit the user accounts that can connect through ssh remotely

Note: When you initially enable the SSH server, any user with a valid account can connect remotely. This can lead to security risks because password cracking tools exist that try common username/password pairs. This method helps restrict login access.

Keep a backup of the ssh server configuration file:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL

Edit the configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/ssh/sshd_config

Change the parameter:

PermitRootLogin no

This disallows the root user from connecting through SSH remotely.

Add the parameter:

AllowUsers <user1> <user2> ...

and specify the usernames (space separated) that can connect remotely.

NOTE: This will allow ONLY the users specified to connect. You may use wildcards here (example: j* will allow jsmith to connect but not fsmith).

You can also use:

DenyUsers <user1> <User2> ...

and specify, again using wildcards, users restricted from using SSH.

If you enable the OpenSSH server and you do not wish to enable any remote connections, you may add: